How to use bridged modem + multiple routers

I have what I consider a very basic understanding of networking. I work for an IT solutions provider and a restaurant chain which we support needs to fix a PCI compliance issue. The network at the location was put in place a year ago with little documentation. My goal is to move a DVR device for a CCTV system away from the PoS machine, because the DVR requires a port open which is not good for PCI compliance if both are behind the same router.

I apologize for ignorance or lack of any details you might need to help me, if there's some info I need to dig up, I'd be happy to find it. I'm in a rough spot trying to fix this. This is how they are set up.

They have a bridged modem which is the first thing that the DSL line comes into. My impression is that the proper way to use multiple routers with a bridged modem is to have a "main router" which will be the director, if you will. All the other routers should then plug into that main router, as opposed to having multiple routers plugged into a bridged modem. I've confirmed that for whatever reason, TWO Linksys Firewall Routers are plugged into this bridged modem which is a Netopia. Again I apologize but I don't have the model numbers. This brings me to my first couple of questions.

1. If two routers are plugged into the same bridged modem, how would they behave? Wouldn't they be fighting for control to be the "main router"?

2. Is it possible to set up two routers to connect to the same modem if some advanced configuration is made? I actually would like to AVOID using a main router with the other routers connected to that, if possible.

One of the routers has a desktop PC and a Point of Sale system connected to it (Router A, if you will), the other has some IP phones connected to it (Router B). Router B always times out when I try to access the console, and I've been told that in order to fix that I need to reset the router. The problem is I can't afford to lose all those settings because I don't know how the company who installed IP phones configured that one. The reason I mention this is to further stress that I don't want to have to reconfigure the existing routers.
However, even though it times out when I try to access console, it will assign me an IP properly. I don't know what that really means. I made sure to double check the gateway IP for that router is correctly typed into web browser.

At the moment, the routers seem to be somehow working fine even though they are both plugged into a single bridged modem. What I would like to do is add a third router that will only have the DVR device plugged into it. My guess is that since Router B does have connectivity (it gives me an IP and I can connect to internet when plugged into it), I should set up this third router (Router C) plugged into router B, and go ahead to configure Router C however is necessary for the DVR to function correct (Give Router C a different gateway than the others, forward the port that the DVR needs, etc.). Is this a viable solution?

Some of my concern is that I'm getting mixed messages from AT&T technicians I have talked to. Supposedly when there are routers connected to a bridge, at least one of them needs to have the PPPoE Username/Password (johndoe@att.net) entered on it.

3. In a situation like this, do Router A and B BOTH need to have PPPoE user/pass entered? What about Router C? Since Router C is plugged into Router B, does that eliminate the need to enter PPPoE info?

4. Is it possible to only use the routers in static mode (as opposed to PPPoE with user/pass)? For example, I just enter the primary and secondary DNS which the ISP uses, give all the devices a WAN IP using the block of fixed IPs the ISP gives us? Will that eliminate the need to use PPPoE mode with user/pass?

And finally, my last question would be: 5. In getting this DVR set up on Router C, should I just go ahead to connect it to Router B and try using Router C in static mode with all the right numbers, or go ahead to use the PPPoE info? Do I just try one and if that fails, try the other?

Note: I was able to log into Router A and see that it doesn't use PPPoE info, just Static mode and using all the right numbers/info. I can't speak for Router B whether or not it's PPPoE or static, because I can't get into it.

P.S. this is all made that much harder by the lack of proper documentation and the fact that this location is in another state, I have to do things remotely and talk to another guy who I can send on-site. Please let me know if there's some other information I really must have or give you in order to make an informed decision about the setup. I'm really dying for advice here, I don't want the customer I support to get billed by this on-site guy for hours and hours of work because I need to conference with AT&T and tinker with this setup all day.

I appreciate any and all advice and tips. Gentlemen of TechSpot, enlighten me.

One thing I noticed from reading your post was that the problem you are trying to solve (not having the port opened to the DVR on the same network as the PoS) would not be solved by placing router C behind router B. You would still have to open the port on router B to allow it to pass to router C. Wouldn't this be the same as opening the port in router B to allow it to pass to the DVR (if the DVR was connected to router B)?

As far as the issues with AT&T, you can only program the IP addresses that they assign to you in the routers. They should be able to tell you how many IP addresses are assigned to your customer. If you have a router behind another router, only the one connected to the modem would have an IP address from the ISP.

I would love to use router B and simply open the port on that, but for some god-awful reason I cannot get into the console there. When a laptop is plugged into router B, that router is giving the laptop the IP information I expect when I go to IPconfig (the gateway is just what it should be according to the diagrams). But when the web browser is opened and the gateway is typed in, it just times out.

My idea is that since we DO get IP information and we can go on internet when a laptop is plugged into that router (B), then it does have connectivity even though we can't get to console. That being said, I figured the solution is to add another router (C) to be plugged into B. At that point I'd be praying I can configure router C in its console. I figure the "timeout" when going into the console on router B is an issue with the device, and that router B needs to be reset, which I must avoid unfortunately.

As far as PCI compliance goes, I think that as long as the router that the DVR is on is NOT the same router that the Point of Sale machine is on, it should pass just fine. I would have each router on its own gateway (example: Router A - 192.168.1.1, Router B - 192.168.2.1, Router C - 192.168.3.1). With this setup, I believe the PCI compliance security scan will target the IP of the PoS system behind Router A, and it will scan all the way up to and including Router A, but after that it won't be able to scan the rest of routers and devices.

You said "You would still have to open the port on router B to allow it to pass to router C.", if that is the case then it sounds like I have a couple options.

1. I reset Router B after checking with the company who set up the IP phones (which connect to router B). That way I can ask them if they need any special set up, and I can open the port on Router B. If this is the case, then I have absolutely no need for Router C.

2. The other option, I'd like to know if it is an option: Connect Router C to the bridged modem just like the other routers are connected to the modem. Configure Router C as needed. This brings me back to my question about if it is okay to be plugging in 3 routers to one bridged modem. I think it may not be the BEST option, and it may cause some slowness, but I'm wondering if it works and how much it would slow things down if at all?

If multiple routers are connected to a single bridged modem, will each device experience intermittent disconnects/issues? I have heard the PoS and IP phones have had some issues in the past and I'd like to inquire about that with the manager at the location, but so far I don't know if those past issues are linked to the way the network is set up.

You said you were able to get into the config of router A. What is the WAN IP address of this router (I don't need the exact IP, but is it 192.168.x.x, 10.x.x.x, etc)? This will tell us if the modem is in bridge mode, or routed bridge mode.

So you obviously have at least 1 IP address from your ISP. I think the best thing would be to find out the login info for router B. This would clear up a lot of unknowns. Also, as a test, you could plug a laptop into the modem and see if it picks up an IP address and is able to access the internet. If it does have access, then you should be able to plug a 3rd router into the modem and put the DVR behind that. If it does not have access, then you would need to find out from AT&T exactly how many IPs have been assigned to you.

When the laptop is plugged into the modem, it can not connect to the internet. I'm not positive but I think it also would not give us any IP information in IPconfig when plugged into the modem.

For router B, I can't get into it at all. When we try to access that configuration console, it times out and it won't even ask us for the username and password. I know what the username and password for the management of that router should be, but it times out. Which is strange because it does give us expected IP info in IPconfig.

I'm wondering if I should proceed in this order:

1. Just TRY hooking up Router C to the modem and try to set it up. If it works, great. But I'm still wondering if that setup will slow things down for the entire network, and if any device will get intermittent disconnects/issues.

2. If #1 does not work, I suppose I should perform the reset on Router B as AT&T suggested, so I can reconfigure it. I'd have to ask the IP phone company if there is anything I should be aware of.

Actually no, I did not try power cycling Router B, but that is because when AT&T technician said "that time-out issue sometimes happens and will require a reset" I asked him specifically if he meant a power cycle and he said no, definitely an actual reset holding down the little pinhole reset button.